Installing the QRadar Incident Forensics software on a virtual machine

After you create your virtual machine, you must install the IBM® QRadar® software on the virtual machine.

Restriction: Resizing logical volumes by using a logical volume manager (LVM) is not supported.


  1. In the left navigation pane of your VMware vSphere Client, select your virtual machine.
  2. In the right pane, click the Summary tab.
  3. In the Commands pane, click Edit Settings.
  4. In the left pane of the Virtual Machine Properties window, click CD/DVD Drive 1.
  5. In the Device Status pane, select the Connect at power on check box.
  6. In the Device Type pane, select Datastore ISO File and click Browse.
  7. In the Browse Datastores window, locate and select the product ISO file, click Open and then click OK.
  8. After the product ISO image is installed, right-click your virtual machine and click Power > Power On.
  9. Log in to the virtual machine by typing root for the user name.

    The user name is case-sensitive.

  10. Ensure that the End User License Agreement (EULA) is displayed.
    Tip: Press the Space bar to advance through the document.
  11. On the Select the Appliance ID page, choose the QRadar Incident Forensics component to install.
    • For distributed installation, select 6000 QRadar Incident Forensics Processor.
    • For stand-alone deployments, select 6100 QRadar Incident Forensics Standalone.
  12. For the type of setup, select normal.
  13. Follow the instructions in the installation wizard to complete the installation.

    The following table contains descriptions and notes to help you configure the installation.

    Table 1. Description of network settings

    | Network Setting | Description |
    |---|---|
    | Host name | Fully qualified domain name |
    | Secondary DNS server address | |
    | Public IP address for networks that use Network Address Translation (NAT) | Not supported |
    | Email server name | If you do not have an email server, use localhost. |
    | Root password | The password must meet the following criteria: contain at least 5 characters; contain no spaces; can include the following special characters: @, #, ^, and *. |

    After you configure the installation parameters, a series of messages is displayed. The installation process might take several minutes.

What to do next

If you aren't installing IBM QRadar Incident Forensics Standalone, see Adding a QRadar Incident Forensics managed host to QRadar Console.